[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Rant - Emacs mail is not user friendly

From: Stephen J. Turnbull
Subject: Re: Rant - Emacs mail is not user friendly
Date: Tue, 18 Nov 2014 14:30:45 +0900

Richard Stallman writes:

 >   > (I agree with you that Emacs that has an attack surface that
 >   > amounts to the whole world, and practically, that securing it
 >   > is too hard to think about succeeding, but that's not a popular
 >   > view on this list.  And it's just theory.)
 > We have done substantial work to make Emacs secure against just
 > visiting a malicious file.

Yes.  But Emacs nowadays depends on a large number of external
libraries, many of which are known to have had security flaws.
(Specifically, being able to crash a program is considered a security
flaw, because crashes usually involve trying to execute unexecutable
data -- but if that data happened to be valid machine code, "anything"
can happen).

Emacs is also capable of handling almost any data known to man "out of
the box", which makes it a perfect instrument for "social
engineering".  Emacs users regularly share Lisp code, for example,
including with people who don't know Lisp.  I've done it myself,
though nothing nastier than a time bomb that pops up "Happy Birthday!" 
on the victim's birthday.  I could have had it mail me the contents of
.ssh (and I have a pretty good idea of the individual's preferences in
passphrases, and they are obviously short).

 > Has a specific flaw or bug been found?

Aside from the application/x-patch MIME type used by Gnus, I know of
none.  That one's mostly pedantic, as AFAIK noone proposes to do what
is implied by the "application" MIME type, namely, automatically apply
the patch.  (There's no good reason for diffs sent by mail to be
anything but a "text" MIME type.)

 > If so, what precisely?

As above.  I don't expect you to agree, nor am I perfectly consistent
in following the implications of the analysis.  But I don't install
Emacsen on machines storing other people's data unless they are
isolated from the Internet, and I don't install them on servers I care
about (I use TRAMP instead).

reply via email to

[Prev in Thread] Current Thread [Next in Thread]